The situation is fast evolving in the wake of Russia’s invasion of Ukraine, and SANS is working to continuously develop and share with our community valuable resources to help them navigate the heightened cyber threat during this escalating crisis. Please take a look through the below repository and check back regularly in the coming days, as more resources will be added and updated as they become available.
Upcoming webcasts & streams
Live Stream - Criminal Justice & National Cyber Security
Wednesday, May 4 at 12:00 pm EST
Join us for a conversation with Luke Dembosky as he shares insights from a 20-year career of investigating and prosecuting criminal and national security cyber cases for the Justice Department and serving now as cyber counsel to leading companies. Luke will draw on observations from working many landmark cyber cases and from his time as a diplomat based in Russia, and will discuss the most significant changes that have led this critical point in cybersecurity and his thoughts on what the future holds in this important space.
Luke Dembosky is a litigation partner based in Washington, DC and is a member of the Cybersecurity & Data Privacy practice and White Collar & Regulatory Defense Group. His practice focuses on cybersecurity incident preparation and emergency response, related civil litigation and regulatory defense, as well as national security issues.
Prior to joining Debevoise, Mr. Dembosky was the Deputy Assistant Attorney General for National Security at the DOJ's National Security Division and the highest-ranking official at the DOJ focused primarily on cyber investigations and prosecutions. Mr. Dembosky was the senior DOJ lawyer on the Target, Sony Pictures and Anthem breaches, among others, and acted as a DOJ ambassador to corporate America in efforts to strengthen public-private cooperation on cyber matters. He managed the DOJ’s operational and policy work on national security cyber matters; oversaw the National Security Cyber Specialists network of prosecutors throughout the US; advised senior leadership of the DOJ, FBI, Secret Service, National Security Council and other agencies regarding major cyber cases and related legal and policy issues; participated in the negotiation of a cyber accord with Russia and the 5-point agreement signed by President Obama and President Xi of China; and served as Deputy Chief for Litigation of the Computer Crime and Intellectual Property Section, the primary unit within the DOJ’s Criminal Division overseeing cybercrime cases. Mr. Dembosky also supervised the highly publicized takedown of the GameOver Zeus botnet that targeted the financial sector.
Past webcasts & streams - accessible on demand
Urgent Webcast: Russian Cyber Attack Escalation in Ukraine – What You Need to Know!
Aired Friday, February 25 at 12:00pm EST
Every organization is at risk from cyber threats from Russia, warned governments and intelligence agencies from around the world. This warning comes in response to the escalation of Russia’s invasion of Ukraine, which includes boots-on-the-ground tactics as well as cyber attacks.
Russian cyber operations have targeted Ukraine with destabilization efforts for years, by way of infrastructure attacks, influence operations, website defacement, and attacks on Ukrainian banks and military networks.
All organizations find themselves potential targets for cyber attacks as Russia responds to sanctions imposed on Russia for violating international law. According to the governments and intelligence agencies from around the world, “Russia maintains a range of offensive cyber tools that it could employ against global networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure.”
Given all the fast-moving pieces involved, what exactly is the threat from Russia?
In this urgent webcast, top cybersecurity experts Tim Conway, Kevin Holvoet, Rob Lee, and Jake Williams will give an overview of current Russian Threat Actor capabilities, discuss critical infrastructure attacks on Ukraine, and possible escalation spillover into the other parts of the world. Join us to get the answers to the key questions surrounding this conflict.
Go Here to Download Webcast Slides >>
Note: This webcast has been translated into four additional languages. Access them below:
Defenders: What to do NOW if expecting nation state attackers
Live Stream - Aired Wednesday, March 2 at 1:30pm EST
Many orgs didn’t realize it, but they’ve always been the potential target of state-sponsored attacks. Recent geopolitical events have brought this into the forefront. You can mount effective defenses against the strongest of attackers. You can win as a defender in infosec. In this webcast Mick Douglas and Jon Gorenflo will show you how… with a focused and prioritized battleplan. Even better, most of this will be done with existing components you already have.
See associated PDF >>
Note: This webcast has been translated into two additional languages. Access them below:
Prioritizing Critical Infrastructure Defense
Webcast - Aired Friday, March 4 at 2:00pm EST (19:00 UTC)
Speakers: Paul Stockton, Robert M. Lee, Tim Conway
With ongoing military operations escalating in Ukraine on a daily basis, there are unique global considerations that Asset Owners and Operators within Critical Infrastructure sectors need to know. This webcast will address the current state of activity occurring globally and the specific relevance to Critical Infrastructure and Key Resources. The speakers will dive into the Industrial Control System specific actions that organizations can and need to take immediately. The speakers will also explore the resilience and incident response measures that organizations should consider in anticipation of possible attacks. Recognizing the uniqueness of these operational environments and understanding the full scope of what can be pursued with cybersecurity programs, the speakers will provide a prioritized list of top 5 critical controls for OT environments.
Note: This webcast has been translated into two additional languages. Access them below:
Emerging Cyber Guidance to the Ukraine-Russia War
Aired Monday, March 21 at 1:00pm CET (12:00 UTC)
Speakers: Rob Lee, Kevin Holvoet, Tim Conway, Nico Dekens, Mick Douglas
As the Ukraine-Russia war continues to escalate, countries, companies, and individuals have growing concerns about the global impact, what it means to them, and what they should be doing now and in the future. Important topics have emerged early on, and in this webcast, SANS cybersecurity experts will walk through each of these and provide the latest guidance on top questions:
- Introductions and “Where is the Ukraine-Russian CyberWar?” led by Rob Lee - Did we get it wrong? Were the warnings premature? Does the threat still exist?
- Cyber Threat Intelligence, led by Kevin Holvoet - What do we know about the various activity groups conducting operations in Ukraine and abroad?
- Critical Infrastructure Protection, led by Tim Conway - What defender actions will help reduce the effect of an attack within Industrial Control System (ICS) environments?
- Open Source Intelligence, led by Nico Dekens - How can we identify information that informs decision making? What are the characteristics of disinformation campaigns?
- Cyber Defense and Threat Hunting, led by Mick Douglas - What are some actions to take now to better defend enterprise systems and identify adversary actions?
Equipped with this knowledge, attendees will better understand Russian capabilities, learn to limit the effectiveness of known disinformation and cyber-attack methodologies, and begin developing a customized threat hunting strategy for defeating Russian-sponsored attackers and supporters.
You are NOT alone. Knowledge is power and we will help arm you!
PIPEDREAM and Countering ICS Malware
Aired Wednesday, April 27 at 12:00pm EST
In this presentation, SANS Senior instructors Robert M. Lee and Tim Conway will discuss what's publicly known about PIPEDREAM, newly discovered malware designed to target Industrial Control Systems (ICS). They'll walk through mitigations and share insights about the various ICS malware families seen to date.
Additional Resources
Blog - Warnings of Impending Russian Cyberattacks: What to Do Now to Harden Your Systems
Even though the best time to plant a tree is 20 years ago, the second-best time is now. There are steps to take now to fortify your cyber defenses.
PDF - Six Defensive Techniques to Make Your Attackers Cry: Russia and Ukraine Cyber Crisis
In this paper, there are six incredibly effective defensive techniques. They will work for organizations of all sizes. The goal of these controls isn’t just to stop attackers, but rather to create a positive feedback loop. If you follow these steps, you will reduce your noise, which allows you to do more meaningful work, which reduces the noise further, and so on! If you’ve ever felt trapped on an IT/cybersecurity treadmill, this is your escape plan. This is a blueprint for victory as a defender.
Internet Storm Center Diary - The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu, writes about recognizing fake social media posts.When we think about "Cyberwar," we often think about power stations blowing up and satellites deorbiting. So far, we have not seen much of this regarding the war in Ukraine. But as Russian troops close in on Kyiv, a "Cyberwar" plays out on social media and has a substantial impact. It can be argued that public opinion and aid for the government in Kyiv are shaped by social media posts of brave Ukrainians resisting insurmountable odds.
CISO Action Items – Ukraine Cyber Crisis
From Joe Sullivan, SANS Certified Instructor Candidate
This PDF is a list of CISO action items of consideration for security leaders that may be directly affected by the crisis in the Ukraine, or in a multi-national organization that depends on Ukrainian resources. The tool can be used as a framework for determining reliable news sources, business analysis, security operation analysis, and then reporting to the executives and board members about the state of security in the context of this crisis.
Security Communications Template
From Lance Spitzner, SANS Senior Instructor
A tremendous number of organizations have been asking us what they should be communicating to their workforce during these unprecedented times. SANS is providing a communications template you can use to communicate to your entire workforce about the key steps people can take to help protect themselves both at home and at work.
